Add checks to prevent unauthorized relaying and impersonation

This patch adds checks that verify: - The envelope from must match the authenticated user. This prevents impersonation at the envelope level (while still allowing bounces, of course). - If the destination is remote, then the user must have completed authentication. This prevents unauthorized relaying. The patch ends up adjusting quite a few tests, as they were not written considering these restrictions so they have to be changed accordingly.
2026-01-07 17:47:14 +00:00 · 2016-09-12 06:08:53 +01:00
parent 941eb9315c
commit e2fdcb3705
9 changed files with 131 additions and 46 deletions
--- a/test/t-01-simple_local/run.sh
+++ b/test/t-01-simple_local/run.sh
@@ -7,6 +7,7 @@ init

 generate_certs_for testserver

+mkdir -p .logs
 chasquid -v=2 --log_dir=.logs --config_dir=config &
 wait_until_ready 1025

@@ -16,6 +17,13 @@ wait_for_file .mail/someone@testserver

 mail_diff content .mail/someone@testserver

+# At least for now, we allow AUTH over the SMTP port to avoid unnecessary
+# complexity, so we expect it to work.
+if ! run_msmtp -a smtpport someone@testserver < content 2> /dev/null; then
+	echo "ERROR: failed auth on the SMTP port"
+	exit 1
+fi
+
 if run_msmtp -a baduser someone@testserver < content 2> /dev/null; then
 	echo "ERROR: successfully sent an email with a bad password"
 	exit 1